8epochs.

Privacy Policy

Version 1.0 — Effective from May 2026

1. Who We Are

This service is operated by Julian Reed, a private individual based in the United Kingdom, acting as the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

ICO registration number: [TO BE ADDED]

Contact: [YOUR EMAIL ADDRESS]

2. What Data We Collect

We collect the following categories of personal data:

Account data

Your email address, provided when you sign up or are invited to use the service.

Intake data

Your name (or preferred name), current role and industry, career stage, and motivation for using the service — provided by you on the intake form.

Questionnaire responses

Your answers to 30 personality questionnaire items, and the scores computed from those answers.

Conversation content

The full text of your conversations with the AI during the assessment, including your messages and the AI's responses.

Derived personality data

The personality profile, values assessment, vocational interest profile, and career guidance generated by the AI based on your questionnaire responses and conversation. This data may constitute special category data (data concerning psychological characteristics) under UK GDPR Article 9.

CV / career experience data (optional)

If you choose to upload your CV during Phase 2 of the assessment, we process the text content of the PDF you provide. Our system automatically removes detectable personal contact information (email addresses, phone numbers, postal addresses, postcodes, and URLs) before storage. Only the substance of your career — roles, responsibilities, tenure, industries, education, and qualifications — is retained. We do not store the original PDF file. CV upload is entirely optional; the assessment works without it.

Technical data

IP address, browser type, and timestamps of your interactions with the service. This is collected automatically for security and service operation.

3. How We Use Your Data

| Purpose | Data used | Lawful basis (Art. 6) | Special category condition (Art. 9) |
|---|---|---|---|
| Providing the personality assessment | Intake data, questionnaire responses, conversation content, derived personality data | Explicit consent (Art. 6(1)(a)) | Explicit consent (Art. 9(2)(a)) |
| Account management and authentication | Email address, technical data | Contract (Art. 6(1)(b)) | N/A |
| Security, fraud prevention, rate limiting | IP address, technical data | Legitimate interests (Art. 6(1)(f)) | N/A |
| Legal compliance and defending legal claims | Consent records, account records, transaction records | Legal obligation (Art. 6(1)(c)) / Legitimate interests (Art. 6(1)(f)) | N/A |

4. AI Processing

This service uses Claude, an AI language model developed by Anthropic PBC (San Francisco, California, USA), to generate your personality assessment.

When you use the assessment:

  • Your questionnaire scores and conversation messages are sent to Anthropic's API for processing
  • Anthropic processes this data as a data processor acting on our instructions
  • Anthropic does not use your data to train its AI models (API data is excluded from training by default)
  • Anthropic retains API logs for up to 7 days for abuse prevention, after which they are deleted
  • A data processing agreement is in place with Anthropic incorporating the UK International Data Transfer Addendum

The AI generates outputs based on patterns in its training data and your specific inputs. Outputs may contain errors, biases, or inaccuracies. The AI does not have access to external databases about you — it only knows what you share during the assessment.

5. Automated Decision-Making

The personality scores and career recommendations generated by this service are produced by automated processing (AI). However, these outputs are for your information and self-reflection only. No decisions with legal or similarly significant effects are made about you based on these outputs.

You have the right to request human review of any output by contacting us.

6. Who We Share Your Data With

| Recipient | Purpose | Location | Safeguard |
|---|---|---|---|
| Anthropic PBC | AI processing (generating assessment) | United States | Data Processing Agreement with UK IDTA / Standard Contractual Clauses |
| Supabase Inc. | Database hosting (storing your account and assessment data) | EU/US | Data Processing Agreement |
| Cloudflare Inc. | Website hosting, security, content delivery | Global (nearest data centre) | Data Processing Agreement; DPF certified |

We do not sell your personal data. We do not share your data with advertisers. We do not use your data for marketing purposes.

7. International Data Transfers

Your personal data, including conversation content and derived personality data, is transferred to the United States when processed by Anthropic's API. This transfer is protected by:

  • The UK International Data Transfer Addendum (IDTA) to the EU Standard Contractual Clauses, incorporated in Anthropic's Data Processing Agreement
  • Anthropic's technical and organisational security measures

You can request a copy of the applicable transfer safeguards by contacting us.

8. How Long We Keep Your Data

| Data | Retention period |
|---|---|
| Assessment data (conversations, reports, questionnaire responses) | Until you delete it or delete your account |
| Account data (email, profile) | Until you delete your account |
| Consent records | 6 years after account closure (for legal claims defence) |
| Audit logs (deletion records) | 6 years (for legal compliance) |
| Technical/security logs | 30 days |

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access — request a copy of all personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data (see "Deleting Your Data" below)
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — receive your data in a portable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal
  • Right not to be subject to solely automated decision-making — request human review of automated outputs

To exercise any of these rights, contact us at [YOUR EMAIL ADDRESS]. We will respond within one calendar month.

10. Deleting Your Data

You can delete your assessment data or your entire account through the account settings page on your dashboard. When you request deletion:

  • Assessment data deletion: All conversation transcripts, questionnaire responses, computed scores, CV text (if uploaded), and generated reports are permanently deleted. Your account remains active.
  • Account deletion: All assessment data is deleted, plus your account and email are removed. Any remaining credits are forfeited.

In both cases, we retain the following for up to 6 years after deletion, as permitted under UK GDPR Article 17(3)(e) for the establishment, exercise, or defence of legal claims: a record that deletion occurred, when it occurred, and your original consent records.

We recommend downloading your reports before requesting deletion, as this action is irreversible.

11. Cookies and Similar Technologies

This service uses only strictly necessary cookies and local storage:

  • Authentication session — stored in your browser's localStorage to keep you logged in. This is essential for the service to function.
  • Cloudflare security cookies (e.g., __cfruid, __cf_bm) — set automatically by Cloudflare for rate limiting and bot protection. These are strictly necessary security cookies and do not track you across sites.

We do not use analytics cookies, advertising cookies, or any form of cross-site tracking. No consent is required for strictly necessary cookies under PECR, but we disclose them here for transparency.

12. Children

This service is not intended for anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has used this service, please contact us and we will delete their data.

13. Security

We implement proportionate technical and organisational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) for all data transmission
  • Encryption at rest for stored data (provided by our database host)
  • Row-level security ensuring users can only access their own data
  • Access controls and authentication for all data access
  • API key security — credentials are stored as encrypted secrets, never exposed to browsers

14. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, you will be asked to review and accept the updated policy before continuing to use the service. The version number and effective date at the top of this page indicate the current version.

15. Complaints

If you have concerns about how your data is handled, please contact us first at [YOUR EMAIL ADDRESS].

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113